[Gen2 VM] Send null uefiSettings along with 'Standard' securityType

[AjKundnani]

Preconditions

• No need to upgrade Python SDK or the Python SDK is ready.

Related command

az vm create --security-type Standard
az vm update --security-type Standard
az vmss create --security-type Standard
az vmss update --security-type Standard

Resource Provider

Microsoft.Compute/virtualMachines

Description of Feature or Work Requested

Cmdlets az vm create and az vm update support securityType value Standard which allows end users to bypass or roll-back Trusted launch VM to Gen2 VM.

However, currently:

• az vm create is sending securityProfile as null which is causing Trusted launch VM to be created. Request to send following API request instead, securityType should be set to Standard and uefiSettings set to null:

securityProfile = @{
            securityType = "Standard"
        }

• az vm update command is passing blank or empty uefiSettings as well which is causing below error from API.
  ErrorMessage: Use of UEFI settings is not supported when security type is 'Standard'.

uefiSettings should be sent as null along with securityType Standard.

securityProfile = @{
            securityType = "Standard"
        }

Minimum API Version Required

2020-12-01

Swagger PR link / SDK link

Virtual machine create with uefiSettings

Request Example

No response

Target Date

2025-03-01

PM Contact

ajkundna

Engineer Contact

psurad

Additional context

• We are implementing "Trusted launch as default" in REST API (currently in private preview). i.e., sending null securityType will be interpreted as TrustedLaunch by API instead of Gen2. Hence need to send Standard securityType.
• This feature requires AFEC registration Microsoft.Compute\UseStandardSecurityType
• uefiSettings in az cli version 2.62.0 are sent as empty or blank. uefiSettings block should be sent as null when securityType parameter is set to Standard

[yonzhan]

Thank you for opening this issue, we will look into it.

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• Unable to create a VM with --security-type Standard #28397

---

Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

This worked for me on EL8:

dnf list --showduplicates azure-cli
dnf install azure-cli-2.56.0-1.el8

https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=dnf#install-specific-version

Reference:

• Unable to create a VM with --security-type Standard #28397 (comment)

[zhoxing-ms]

Target Date
2025-03-01

@AjKundnani Sorry, as this sprint is already fully scheduled, can we postpone it to the next sprint (probably before mid April)?

[AjKundnani]

@zhoxing-ms, before mid-April 2025 works, thanks in advance.